The US Sentencing Commission website has been repeatedly hacked by Anonymous in protest of the suicide of Aaron Swartz. The site was defaced with a video and offered some encrypted files for download, with a threat to release the decryption keys if reforms to the CFAA are not made.

The site was restored Saturday, but was defaced again on Sunday, this time turned into a playable game of Asteroids.

The site was unavailable for quite some time after the second breach.

Apparently the site was restored, but whatever weakness let the attackers in the first time was restored along with it.

Is it better to get the site back up fast or spend some time to figure out what happened?

NY Times announces it has been hacked

The NY Times reports that its IT systems had been compromised by “Chinese attackers”.

When the Times became aware of the intrusion, they chose to monitor the activity rather than try to immediately close the holes.

This has some benefits, since it allows the victim to understand the extent to which their systems have been compromised, rather than tipping off the intruder by starting to remediate systems piecemeal.

NYT contracted Mandiant to investigate

The attackers were routing traffic through compromised hosts in US universities

The attackers appeared to be interested in determining who provided an NYT reporter with some salacious information about Wen Jiabao, China’s prime minister.

Lots of criticism about the report

Reference to rainbow tables shows the author isn’t a security pro

Chinese APT groups seem to be involved in every breach Mandiant investigates

Lack of details

Makes the attack seem highly sophisticated

I do agree that there is nothing spectacular about this attack – just about anyone with good knowledge of Metasploit and SET could pull off this style of attack

The timing of the attack certainly is interesting, given the proximity to the story about the FBI searching for the government source who leaked details of the US’ involvement in Stuxnet to New York Times’ chief Washington correspondent, David Sanger.

From Bit9’s statement: In brief, here is what happened. Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network. As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware. There is no indication that this was the result of an issue with our product. Our investigation also shows that our product was not compromised.

We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9.

While there’s not a lot to go on, the wording sounds like Bit9 had servers that weren’t properly configured.

AV vendors seem to be enjoying Bit9’s comeuppance, given Bit9’s previous bashing of AV

AWL (application whitelisting) is still a good technology, but this highlights supply chain risks that need to be considered: a whitelist rule that trusts everything signed by a vendor is only as strong as that vendor’s control over its signing keys
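The practical follow-up to a stolen code-signing certificate is to hunt for binaries signed with it before (and after) the vendor revokes it. The script below is an added example, not part of the show notes or Bit9’s own tooling: it sweeps a set of directory trees for executables whose Authenticode signer thumbprint is on a suspect list. The thumbprint and the root paths are placeholders and must be replaced with the values from the vendor’s advisory and the hosts you care about.

```powershell
# Added example: hunt for PE files signed by a suspect (e.g. reported-stolen) code-signing cert.
# The thumbprint below is a PLACEHOLDER, not a real Bit9 value; take it from the vendor advisory.
$SuspectThumbprints = @(
    'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
)

# Assumed starting points; widen to whole volumes for a real sweep.
$Roots = @("$env:ProgramFiles", "$env:ProgramData", "$env:TEMP")

function Find-SuspectSigned {
    param(
        [Parameter(Mandatory)] [string[]] $Paths,
        [Parameter(Mandatory)] [string[]] $Thumbprints
    )
    # Normalise case so a lower-case thumbprint from an advisory still matches.
    $wanted = $Thumbprints | ForEach-Object { $_.ToUpperInvariant() }

    Get-ChildItem -Path $Paths -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName

            # Unsigned files cannot match a signer thumbprint; skip them.
            if ($null -eq $sig.SignerCertificate) { return }

            $tp = $sig.SignerCertificate.Thumbprint.ToUpperInvariant()
            if ($wanted -contains $tp) {
                [pscustomobject]@{
                    Path        = $_.FullName
                    Signer      = $sig.SignerCertificate.Subject
                    Thumbprint  = $tp
                    # Status stays 'Valid' until the cert is actually revoked and the host
                    # has fetched the revocation, which is why matching on thumbprint matters.
                    Status      = $sig.Status
                    TimeStamped = ($null -ne $sig.TimeStamperCertificate)
                }
            }
        }
}

Find-SuspectSigned -Paths $Roots -Thumbprints $SuspectThumbprints |
    Sort-Object Path |
    Format-Table -AutoSize
```

Two things to note when reading the output. A hit with Status = Valid is the dangerous case: the signature chains to a trusted root, so a whitelist rule keyed on the publisher rather than the file hash would still allow it to run. And a signed file with no timestamp becomes invalid the moment the cert is revoked or expires, whereas a timestamped one signed before the compromise window can remain valid, so the timestamp is what lets you separate a vendor’s legitimate pre-incident releases from malware signed during the window.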